What Is New in Keycloak 4.5
| Category | Description |
|---|---|
| New Features | Added support for JavaScript policies, fine-grained admin permissions, and new identity provider mappers. |
| Improvements | Enhanced LDAP performance, user session management, and admin console usability. |
| Bug Fixes | Resolved issues across authentication flows, client registration, and storage providers. |
| Security | Patched several vulnerabilities, including one critical issue in SAML protocol handling. |
| Deprecated | Deprecated the older JavaScript policy engine; removal is planned for a future release. |
How does JavaScript policy support change authorization?
Keycloak 4.5 introduces a new JavaScript-based policy engine for Authorization Services that replaces the older Nashorn implementation; the old engine stays available for now but is deprecated and scheduled for removal. A JavaScript policy is a script body that you author in the admin console (Clients, then the client's Authorization tab, then Policies) and that Keycloak runs with a bound `$evaluation` object. The script inspects the requesting identity (roles and attributes), the request context (client, network address, time) and the permission being checked, and decides the outcome by calling `$evaluation.grant()` or `$evaluation.deny()`. The initial effect of every evaluation is DENY, so a script that never calls `grant()` denies, and a script that throws aborts the request with an error rather than granting by accident. Two caveats matter in practice. First, policy scripts execute inside the server JVM, so the ability to create or edit them is equivalent to running arbitrary code on the Keycloak server; grant it only to fully trusted administrators. Second, context values such as the client IP address are whatever the server sees, which behind a reverse proxy is the proxy's address unless proxy address forwarding is configured, so do not treat a network check in a policy as a strong control on its own.
What admin permissions were added?
Fine-grained admin permissions are a major step forward for delegating management tasks without handing out the realm-level admin role. You enable permissions on a specific target (the user set, a client, a group or a role), which defines management scopes for that target on the realm-management client, such as view, manage and map-roles, and you then attach policies to those scopes, typically a role policy naming the delegated administrator's role. This is what makes separation of duties workable in larger teams: a help-desk role can be limited to managing the users of one group, and a client owner can be limited to configuring their own client. Two practical notes: the delegated administrator still needs the matching query-* role in realm-management (query-users, query-clients, query-groups) to reach that part of the admin console, and anyone who already holds the broad manage-* or realm admin roles bypasses the fine-grained checks, so those coarse roles must be removed for the delegation to mean anything.
Were there any critical security patches?
Yes. Keycloak 4.5 patches a critical vulnerability in SAML protocol handling that, under specific conditions, could let an attacker bypass authentication. Treat the upgrade as urgent for every deployment that uses SAML, since an authentication bypass in the identity provider undermines every application that trusts it. The release notes carry the exact CVE identifier, which is what you should reference when tracking the fix in your vulnerability management process.
How is LDAP performance better?
The LDAP performance work concentrates on avoiding unnecessary writes back to the directory and streamlining user synchronization. User imports run faster and the directory server sees less load during normal operation, which is most noticeable for enterprises with large LDAP user bases, where user management in the admin console becomes visibly more responsive.
What happened to user session management?
User session management received enhancements to how sessions are persisted and queried, making large numbers of active sessions cheaper to handle, particularly in clustered deployments. This is a security matter as much as a performance one: a session store that is slow or inconsistent across nodes is exactly what lets a user who has logged out, or been disabled by an administrator, keep a working session on another node, so consistent and queryable session state underpins the logout and revocation behaviour your applications rely on.
FAQ
Is the JavaScript policy change backward compatible?
Most existing scripts should work, but test every policy before relying on it after the upgrade. The new engine uses a different JavaScript runtime, so edge cases may behave differently, particularly anything that depended on engine-specific behaviour rather than plain JavaScript. The Evaluate tab under a client's Authorization settings lets you run a permission request as a chosen user and see which policies granted or denied, which is the quickest way to exercise each script against the cases it is meant to allow and the cases it must refuse. The old engine remains available but is deprecated.
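To make the policy model described above concrete, and to give the testing advice in this answer something to run, here is an added example that is not code from the page or from the Keycloak project. The policy script is written against the `$evaluation` API Keycloak binds when it runs a JavaScript policy (getContext, getIdentity, getAttributes, getValue/asString, exists, hasRealmRole, grant, deny). The harness around it, the scenario data, the `10.20.` network prefix, the `finance` role and the `example.com` domain are all constructed for this example so that the script can be exercised offline; on a real server only the script body is pasted into the policy editor.

```javascript
// Added example (not Keycloak's own code): a JavaScript policy plus an offline
// harness that mimics the $evaluation object Keycloak binds for the script.
// The harness, roles, domain and network prefix are assumptions for testing.

// The policy exactly as it would be stored in Keycloak. getValue() returns
// null for an attribute the user lacks, and calling asString() on null would
// throw and abort the evaluation, so the script checks before using it.
const POLICY_SCRIPT = `
var context = $evaluation.getContext();
var identity = context.getIdentity();
var ctxAttrs = context.getAttributes();

var email = identity.getAttributes().getValue('email');
var ip = ctxAttrs.exists('kc.client.network.ip_address')
    ? ctxAttrs.getValue('kc.client.network.ip_address').asString(0) : '';

// Fail closed: grant() is only reached when every condition holds. A script
// that never calls grant() leaves the evaluation at its initial effect, DENY.
if (email !== null
    && email.asString(0).endsWith('@example.com')
    && identity.hasRealmRole('finance')
    && ip.indexOf('10.20.') === 0) {
  $evaluation.grant();
}
`;

// --- Offline harness (constructed for this example) ------------------------

// Minimal stand-in for Keycloak's multi-valued Attributes interface.
function attributesOf(map) {
  return {
    exists: (name) => map[name] !== undefined,
    containsValue: (name, value) => map[name] !== undefined && map[name].includes(value),
    getValue: (name) => {
      const vals = map[name];
      if (vals === undefined) return null;
      return { size: () => vals.length, asString: (i) => (i < vals.length ? String(vals[i]) : null) };
    },
  };
}

// Builds an object exposing the subset of the $evaluation API the policy uses.
function makeEvaluation(scenario) {
  const roles = new Set(scenario.realmRoles || []);
  let effect = 'DENY'; // every evaluation starts at DENY
  return {
    getContext: () => ({
      getIdentity: () => ({
        getId: () => scenario.userId || 'user-1',
        getAttributes: () => attributesOf(scenario.userAttributes || {}),
        hasRealmRole: (role) => roles.has(role),
      }),
      getAttributes: () => attributesOf(scenario.contextAttributes || {}),
    }),
    grant: () => { effect = 'GRANT'; },
    deny: () => { effect = 'DENY'; },
    getEffect: () => effect,
  };
}

// Runs the script with $evaluation bound as a global name, as Keycloak does,
// and returns the resulting effect. On a real server a thrown error aborts the
// permission request; the harness reports that as DENY since nothing was granted.
function evaluatePolicy(script, scenario) {
  const evaluation = makeEvaluation(scenario);
  try {
    new Function('$evaluation', script)(evaluation);
  } catch (err) {
    return 'DENY';
  }
  return evaluation.getEffect();
}

// Constructed scenarios: the happy path and one case per failure mode.
const SCENARIOS = {
  financeOnCorpNet: { realmRoles: ['finance'], userAttributes: { email: ['ann@example.com'] },
                      contextAttributes: { 'kc.client.network.ip_address': ['10.20.4.7'] } },
  noEmailAttribute: { realmRoles: ['finance'], userAttributes: {},
                      contextAttributes: { 'kc.client.network.ip_address': ['10.20.4.7'] } },
  wrongNetwork:     { realmRoles: ['finance'], userAttributes: { email: ['ann@example.com'] },
                      contextAttributes: { 'kc.client.network.ip_address': ['203.0.113.9'] } },
  missingRole:      { realmRoles: ['viewer'], userAttributes: { email: ['bob@example.com'] },
                      contextAttributes: { 'kc.client.network.ip_address': ['10.20.4.7'] } },
};

// Evaluates the policy for every scenario and returns a name -> effect map.
function runScenarios() {
  const results = {};
  for (const name of Object.keys(SCENARIOS)) {
    results[name] = evaluatePolicy(POLICY_SCRIPT, SCENARIOS[name]);
  }
  return results;
}

console.log(runScenarios());
```

Running the file prints the effect for each scenario; only the first grants. The same scenarios are the ones to replay in the admin console's Evaluate tab after the upgrade, because a policy that silently starts granting the "no email attribute" or "wrong network" case is the regression that matters, and the harness makes that visible before it reaches a server.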
How do I enable fine-grained admin permissions?
Open the target you want to delegate in the admin console (Users, or a specific client, group or role) and switch on its Permissions tab. Keycloak then lists the management scopes for that target; click a scope to define the policy that governs it, typically a role policy naming the delegated admin role, and assign that role, together with the query-* realm-management role the console needs, to the people who should have it. Check the result by logging in as one of those users and confirming they see only the delegated objects.
What's the impact of the critical SAML fix?
If you use a SAML identity provider, upgrading is mandatory. The vulnerability could allow authentication bypass, so every day of delay extends your exposure.
Are there any database schema changes?
No, this release has no mandatory schema changes; you can upgrade from 4.4.x without altering the database. Take a database backup before upgrading anyway, as the standard upgrade procedure recommends, so that a rollback remains possible.
Which storage providers were affected by bug fixes?
Several fixes addressed issues with both map and JDBC storage providers, improving reliability and correcting error handling in edge cases.